Smart Bruteforcing
Automated Exploitation
Manual Exploitation
Social Engineering Campaign
Web App Scanning & Exploitation
GAIN ACCESS
Port Scan (Nmap)
Vulnerability Scan (Rapid7 Nexpose)
Manually Add Device
DISCOVER DEVICES
COLLECT EVIDENCE
Command Shell Session
Meterpreter Session
Manual Authentication
Impersonate Administrator
Proxy & VPN Pivoting
TAKE CONTROL
Every penetration tester has a slightly different method, and assessments depend on the environment and goals.
That said, here are the stages of a typical security assessment:
KEY CONSIDERATIONS FOR YOUR NEXT PENETRATION TEST
WHY PENETRATION TESTING?
People conduct penetration tests for a number of reasons:
Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking real-world attacks.
Think about it as quality assurance for your IT security.
PENETRATION TESTING?
Ask, “What is the most important digital asset my company needs to protect?” Then instruct the penetration tester to try to access those systems.
SET THE SCOPE
Ensure that the person carrying out a penetration test on your systems is qualified to do so. Avoid issues with your production environment.
CONDUCT THE TEST SAFELY
Do you have enough work to employ a penetration tester full-time? You may want a truly independent assessment, which means enlisting an external penetration tester with a fresh set of eyes.
IN-HOUSE VS. OUTSOURCED
Whether you’re hiring an internal penetration tester or a consultant, make sure they are well trained and highly trustworthy.
SELECT THE RIGHT PERSON
FOR A MORE DETAILED GUIDE ON PENETRATION TESTING PRINCIPLES AND BEST PRACTICES, DOWNLOAD THE WHITEPAPER:
www.rapid7.com/what-is-penetration-testing
Check security controls
Prevent data breaches
Meet compliance requirements
Get a baseline for your security program
Ensure security of new applications
Assess incident detection and response effectiveness
Automated Evidence Collection Modules
Live Reporting
Collect Credentials
Collect Loot (PII, PHI, IP, and card-holder data)